James McKenzie wrote: > On 5/7/11 12:54 PM, Bill Davidsen wrote: >> James McKenzie wrote: >>> On 5/1/11 5:18 PM, Bill Davidsen wrote: >>>> Gregory Hosler wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> On 04/25/2011 09:48 AM, Digimer wrote: >>>>>> On 04/24/2011 09:46 PM, ssc1478 wrote: >>>>>>> Hi, >>>>>>> >>>>>>> I'm new to Fedora - been using Ubuntu for years. I just installed >>>>>>> Fedora 14 to my laptop and selected to encrypt /home. >>>>>>> >>>>>>> When I boot, I have to enter the password for the encrypted directory. >>>>>>> Did I set it up wrong? I didn't expect to have to enter the password >>>>>>> at boot but instead thought the login password would be enough. >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> Phil >>>>>> It encrypts the partition, so when the system tries to mount /etc/fstab >>>>>> partitions, of which /home is likely one, it requires the password then. >>>>> alternately, you can setup /etc/crypttab so that the password is not entered >>>>> manually. >>>>> >>>> This adds no security at all from the encryption. The only reason to use >>>> encryption and then build in the pass phrase is to allow you to claim that the >>>> data was encrypted if you lose the machine, therefore giving you legal cover if >>>> the data you lost belongs to customers. I can't decide if that's a sleazy legal >>>> trick to provide cover without the effort to have security, or if it just shows >>>> how little the average user knows about security in the first place. >>> False security is worse than no security at all. Never store a >>> passphrase on a readable device. It should be stored in the brain, just >>> like passwords and such. BTW, this would never pass a security >>> inspection at any of the places I've worked at. >>> >> It satisfies legal requirements to encrypt sensitive data which is all the bean >> counters and lawyers care about. They are not required to actually protect your >> information. :-( >> > Not in the EU. There are legal requirements to safeguard information, > to include encryption of 'data at rest' and 'data in transit'. Same for > HIPPA and in the PCI world. This has gotten several companies in trouble. > That's my point, encryption is required, keeping the key safe may not be spelled out in the law. -- Bill Davidsen <davidsen@xxxxxxx> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines